Insurance for Online Attacks Has Yet to Catch On
"Underwriters Labs puts their seal on things like fire and burglar alarms, and if you look at [cyberinsurance] way down the road, you can imagine a kind of Good Housekeeping Seal of Approval stamp on certain products," and that seal could ultimately give them greater market share, she says.
Novell’s Anderson concurs. "It’s like car insurance," he says. "In the future, as certain platforms have more break-ins, people who use those platforms will be charged an extra premium, just like a car with more rollovers will be charged a higher premium."
But not everyone agrees. "I don’t think that will make a difference in the long run," Voeller says. "It’s a shortsighted perspective believing that using Linux servers will make you magically better off. There are fewer break-ins on Linux servers because there are fewer people using them. The insurance industry is just playing with actuarial tables."
Whether the policies ultimately influence which products dominate a market remains to be seen. Before that can happen, more companies?many more?will need to buy policies. And at least for now, the indicators aren’t pointing toward a sudden surge in the rolls of the cyberinsured. "I haven’t heard of a lot of clients signing up," says Allan Carey, a senior analyst for IDC (a sister company to CIO’s publisher, CXO Media). "A lot of companies have inquired about it, but they haven’t gone ahead yet." Carey notes that a big issue is whether the money would be better spent elsewhere, such as implementing new security solutions or bolstering existing ones.
Worse, some CIOs believe that taking out cyberinsurance and then buying particular pieces of hardware or software in the search for discounted premiums might provide a false sense of safety. If that becomes the case, the policies may even prove a detriment to security.
And Novell’s Anderson warns that taking out cyberinsurance would be a mistake if it leads companies to believe that the policy somehow releases them from the task of handling security properly. "There is no insurance policy that will replace my responsibility," he says.
Get the latest on network infrastructure tools and technologies.
